Securing Web Services

Question

I'm working on an ASP.Net AJAX site (using a silverlight front end) and, of course, all of the data and membership elements must be accessed from a web service. I have no problem with this and everything is up and working. The problem is that anyone with a brain and a knowledge of a utilty like "Live HTTP Headers" in firefox can see where my web services are and get the service method definitions, etc, etc.

My query is this: Are there any standing practices for securing web services from the public (so that only I my app can utilize the services), and what are the best methods.

Any tutorials or documentation on how to implement this would be great.

Thanks,

Joshua Foulk

vivek kulkarni · Answer

Hi There are various ways for securing Webservices.. like adding authenticated headers. You can use the extensions methods like before serialize after serialize and before deserialize and after deserialize. The best would be to use SSL for securing your webservices. http://msdn.microsoft.com/en-us/library/aa302428.aspx Improving Web Application Security: Threats and Countermeasures Thank you Vivek